The US Environmental Protection Agency (EPA) said it is forming a new “Water Sector Cybersecurity Task Force” to devise ways to counter threats faced by the water sector in the country.
“In addition to considering the prevalent vulnerabilities of water systems to cyberattacks and the challenges faced by some systems in adopting best practices, this Task Force will seek to build on existing collaborative products in its deliberations,” the EPA said.
In a letter sent to all US governors, EPA Administrator Michael Regan and National Security Advisor Jake Sullivan highlighted the need to protect water and wastewater systems (WWS) from cyber attacks that could cut off access to clean, safe drinking water.
At least two threat actors have been linked to intrusions against the nation’s water systems, including those by an Iranian hacktivist group called Cyber Av3ngers and the China-linked Volt Typhoon, which targeted communications, energy, transportation and water and wastewater. sectors in the United States and Guam for at least five years.
“Drinking water and wastewater systems are an attractive target for cyberattacks because they are a critical infrastructure sector, but they often lack the resources and technical capacity to adopt rigorous cybersecurity practices,” Regan and Sullivan said.
The development coincides with the release of a new fact sheet by the US Cybersecurity and Infrastructure Security Agency (CISA), which urges critical infrastructure entities to defend against the “urgent risk posed by Volt Typhoon” by implementing secure-by-design principles, robust logging, safeguard the supply chain and raise awareness of social engineering tactics.
“Volt Typhoons have pre-positioned themselves on U.S. critical infrastructure organizations’ networks to enable disruption or destruction of critical services in the event of increased geopolitical tensions and/or military conflict with the United States and its allies,” he said. notified the agency.
Cybersecurity firm SentinelOne, in a report published last month, revealed how China has launched an offensive media strategy to spread “unfounded” narratives about US hacking operations for over two years.
“Repeating China’s accusations helps [People’s Republic of China] shaping global public opinion of the U.S. China wants to see the world recognize the United States as the “hacking empire,” said Dakota Cary, a Sentinel One consultant focused on China.
“The fact that China makes allegations of US espionage operations is still noteworthy, as it provides insight into US-China relations, even if China does not support its claims.”